Protection of security critical data in networks



Claims 



Claims 1-36 (canceled)

37. (new) An interprocess communication system running on a network system comprising at least one central unit ZE, at least one service unit SE physically connected with ZE and pe (pe integer and 0 < pe) peripheral units PE1,...,PEpe physically connected to said central unit ZE, wherein ZE executes at least one thread - called Central Process or Thread -, SE executes at least one thread S - called Critical Service - and wherein

I. said at least one Critical Service comprises means to initiate or accept at least one standing logical bidirectional communication connection to or from said at least one Central Process, and wherein

II. said at least one Central Process comprises means to accept or initiate said at least one standing logical bidirectional communication connection from or to said at least one Critical Service, and wherein

III. after establishment of said at least one standing logical bidirectional communication connection between said at least one Central Process and said at least one Critical Service no further connection can be initiated or accepted by threads running on SE, and wherein

IV. at least one peripheral thread running on one peripheral unit of peripheral units PE1...PEpe comprises means to initiate or accept at least one standing logical bidirectional communication connection to resp. from said at least one Central Process, and wherein

V. said at least one Central Process comprises means to accept or initiate at least one standing logical bidirectional communication connection from resp. to said at least one peripheral thread, and wherein

VI. after establishment of said at least one standing logical bidirectional communication connection between said at least one Central Process and said at least one peripheral thread, data stored on service unit SE is accessible for said at least one Central Process only via said at least one Critical Service and for said at least one peripheral thread only via said at least one Central Process and said at least one Critical Service.

38. (new) Network system according to claim 1 wherein at least one central process assigns at least one logical identification to at least one connection to a critical service connected to said central process, such that a peripheral thread is able only with the knowledge of said logical identification(s) to communicate indirectly via said central process with at least one member out of a group of critical services, which group is uniquely identified by said logical identification(s).

39. (new) Network system according to one of the claims 1 or 2 comprising at least two segments N1 and N2, at least one central unit ZE physically connected with each of the segments N1 and N2, at least one service unit SE in segment N1 and physically connected with ZE and an arbitrary number of peripheral units PE1..n physically connected with ZE, wherein direct logical communication connections between peripheral threads running on a peripheral unit within N1 or N2 or a central unit and ZE can be established, whereby said central unit(s) are able to build up or accept direct logical connections to or from units in N1 or N2, and whereby units in N1 cannot establish direct logical connections to units in N2 with the exception of said central process(es), and whereby units in N2 cannot establish direct logical connections to units in N1 with the exception of said central process(es), and whereby units in N1 cannot accept direct logical connections from units in N2 with the exception of said central process(es), and whereby units in N2 cannot accept direct logical connections from units in N1 with the exception of said central process(es).
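The connection rules of claim 37 (items III and VI) and claim 39, written as a small reference monitor for direct logical connections. This is an added example for this listing, not code from the patent or from any implementation of it; the Unit and Broker classes, the segment names and the sample units are this example's own assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Unit:
    name: str
    segment: str   # network segment, e.g. "N1" or "N2" (claim 39)
    role: str      # "central" (ZE), "service" (SE) or "peripheral" (PE)

@dataclass
class Broker:
    """Reference monitor deciding which direct logical connections may exist."""
    standing: set = field(default_factory=set)        # frozenset({a, b}) per link
    service_locked: set = field(default_factory=set)  # SEs that already hold a link

    def allow(self, src, dst):
        roles = (src.role, dst.role)
        # Claim 37 III: once SE holds its standing link to the central process,
        # SE neither initiates nor accepts any further connection.
        if src.name in self.service_locked or dst.name in self.service_locked:
            return False
        # Claim 37 VI: SE data is reachable only through the central process,
        # so a service unit is never linked directly to a peripheral unit.
        if "service" in roles and "central" not in roles:
            return False
        # Claim 39: across segments only a central process may build or accept.
        if src.segment != dst.segment and "central" not in roles:
            return False
        return True

    def establish(self, src, dst):
        if not self.allow(src, dst):
            return False
        self.standing.add(frozenset((src.name, dst.name)))
        for u in (src, dst):
            if u.role == "service":
                self.service_locked.add(u.name)
        return True

def reaches_service_data(broker, pe, ze, se):
    """Claim 37 VI: PE reaches SE's data only via the chain PE - Z - S."""
    return (frozenset((pe.name, ze.name)) in broker.standing
            and frozenset((ze.name, se.name)) in broker.standing)

def run_scenario():
    ze, se = Unit("ZE", "N1", "central"), Unit("SE", "N1", "service")
    pe1, pe2 = Unit("PE1", "N1", "peripheral"), Unit("PE2", "N2", "peripheral")
    b, r = Broker(), {}
    r["se_to_ze"] = b.establish(se, ze)          # the standing S <-> Z link
    r["se_second_link"] = b.establish(ze, se)    # refused: SE is locked now
    r["pe1_to_se"] = b.establish(pe1, se)        # refused: never direct to SE
    r["pe1_to_ze"] = b.establish(pe1, ze)
    r["pe2_to_ze"] = b.establish(pe2, ze)        # cross-segment, central side: ok
    r["pe1_to_pe2"] = b.establish(pe1, pe2)      # refused: N1 -> N2 without Z
    r["pe1_reaches_data"] = reaches_service_data(b, pe1, ze, se)
    return r
```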

40. (new) Network system according to one of claims 1 to 3, wherein the central unit ZE stores authorization data AD and wherein at least one peripheral thread after connecting to the central process Z on ZE transmits access data to Z, and wherein Z checks the access rights of the peripheral process by checking said access data against said authorization data AD, and wherein Z terminates the connection to said peripheral process if the result of said check of said access rights is negative.

41. (new) Network system according to one of claims 1 to 3, wherein at least one unit AE directly or indirectly physically connected with central unit ZE stores authorization data AD and wherein AE executes at least one authorization thread AS able to build up or accept a standing logical connection to or from Z, and wherein at least one peripheral thread after build-up of the connection to central process Z sends Z access data, and wherein Z receives said access data and forwards said access data to AS, and wherein AS receives said access data, checks the access rights of said peripheral process by checking said access data against said authorization data AD and transmits the result of said check of said access rights to Z, and wherein Z terminates the connection to said peripheral process if the result of said check of said access rights is negative.

42. (new) Network system according to claim 1, wherein at least one central unit executes at least one thread - called logon process or thread - providing at all times at least one open connection endpoint identified by a fixed local identification, and wherein no central process(es) provide open connection endpoints without prior trigger from said logon process, and wherein at least one peripheral thread, to connect to a central process(es), establishes first a connection to said logon process, and wherein said logon process via an arbitrary interthread or interprocess communication medium triggers at least one central process to open a new connection endpoint, and wherein at least one of the triggered central processes opens for a predefined time interval a new connection endpoint with a local identification known to said peripheral thread, and wherein said peripheral thread connects to at least one of said opened connection endpoint(s) of at least one central process within said predefined time interval, and wherein all triggered central processes close all opened connection endpoints to which said peripheral process did not connect within said predefined time interval.

43. (new) Network system according to claim 6 wherein the communication medium between at least one logon process and at least one central process is a standing logical connection.
44. (new) Network system according to one of the claims 6 or 7 wherein at least one peripheral thread transmits to the logon process additional access data, and wherein the logon process checks the access rights of said peripheral process by checking said access data against predefined authorization data, and wherein said logon process triggers at least one central process to open a new connection endpoint only if said authorization check returns a positive result.

45. (new) Network system according to claim 6 wherein at least one unit AE stores authorization data, and wherein each of the unit(s) AE is (are) physically connected to at least one central unit, and wherein each of the unit(s) AE executes an authorization service AS, which service is able to establish or to accept standing logical connections to or from at least one logon process and to or from at least one central process, and wherein a peripheral thread after connecting to a logon process sends said logon process its access data, and wherein said logon process forwards each connection request of a peripheral thread together with said access data to said authorization service AS, and wherein said authorization service AS checks the access rights of said peripheral thread by checking said access data against authorization data AD and in case of a positive result triggers at least one central process to open a new connection endpoint, and wherein at least one of the triggered central processes provides for a predefined time interval a new open connection endpoint with a local identification known to said peripheral thread, and wherein said peripheral thread connects to at least one of said temporarily opened connection endpoint(s) within said predefined time interval, and wherein all central process(es) close all temporarily opened connection endpoints to which said peripheral thread did not connect within said predefined time interval.
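The logon hand-off of claims 42, 44 and 45, with the pseudo-randomly generated local identification of claim 50, simulated on a logical clock: the logon process checks access data, triggers the central process to open a temporary endpoint, and endpoints nobody connects to inside the interval are closed. This is an added example, not code from the patent; the class names, the authorization table, the logical clock and the interval of 5 time units are its assumptions.

```python
import secrets

# Constructed authorization data AD (claim 44); not real credentials.
AUTHORIZATION_DATA = {"alice": "tok-alice"}

class CentralProcess:
    """Central process Z: opens endpoints only when triggered (claim 42)."""
    def __init__(self):
        self.pending = {}   # temporary endpoint id -> expiry on a logical clock

    def open_endpoint(self, now, interval):
        local_id = secrets.token_hex(8)   # claim 50: pseudo-random local id
        self.pending[local_id] = now + interval
        return local_id

    def connect(self, local_id, now):
        # Only an issued endpoint, and only inside its time interval, accepts.
        expiry = self.pending.pop(local_id, None)
        return expiry is not None and now <= expiry

    def close_expired(self, now):
        # Close every temporary endpoint nobody connected to in time.
        stale = [lid for lid, exp in self.pending.items() if now > exp]
        for lid in stale:
            del self.pending[lid]
        return len(stale)

class LogonProcess:
    """Reachable at a fixed local id; gates the hand-off (claims 42, 44)."""
    def __init__(self, central, interval):
        self.central, self.interval = central, interval

    def request(self, user, access_data, now):
        if AUTHORIZATION_DATA.get(user) != access_data:
            return None   # negative check: no endpoint is opened at all
        # Trigger Z and hand the new local id to the peripheral thread (claim 46).
        return self.central.open_endpoint(now, self.interval)

def run_scenario():
    z = CentralProcess()
    logon = LogonProcess(z, interval=5)
    r = {}
    r["bad_credentials"] = logon.request("alice", "wrong", now=0)
    lid = logon.request("alice", "tok-alice", now=0)
    r["in_time"] = z.connect(lid, now=3)               # inside the interval
    late = logon.request("alice", "tok-alice", now=10)  # expires at 15
    r["closed_on_expiry"] = z.close_expired(now=20)
    r["too_late"] = z.connect(late, now=20)
    r["unknown_id"] = z.connect("never-issued", now=20)
    r["open_endpoints"] = len(z.pending)
    return r
```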

46. (new) Network system according to one of the claims 6 to 9 wherein at least one 
peripheral thread does not know the local identification of at least one temporarily 
opened connection endpoint by at least one central process, and wherein said 
peripheral thread receives said local identification from at least one logon process. 

47. (new) Network system according to claim 10 wherein at least one logon process generates at least one local identification of at least one connection endpoint to be provided by at least one of the central processes and transmits said generated local identification during connection build-up to at least one peripheral thread and to at least one central process providing a new temporarily opened connection endpoint with said local identification.
48. (new) Network system according to claim 10 wherein at least one central process generates at least one local identification of at least one connection endpoint to be provided by at least one of the central processes and transmits said generated local identification during connection build-up via at least one logon process to at least one peripheral thread.

49. (new) Network system according to claims 9 and 10 wherein at least one authorization service generates at least one local identification of at least one connection endpoint to be provided by at least one of the central processes and transmits said generated local identification during connection build-up via at least one logon process to at least one peripheral thread and to at least one central process providing at least one temporarily open connection endpoint with said generated local identification.

50. (new) Network system according to one of claims 9 to 13 wherein at least one local identification of at least one temporarily opened connection endpoint of at least one central process is generated randomly or pseudo-randomly.

51. (new) Network system according to one of claims 9 to 14 wherein at least one local identification of at least one temporarily opened connection endpoint of at least one central process is transmitted in at least one encrypted message.

52. (new) Network system according to one of the claims 6 to 15 wherein at least one 
peripheral thread does not know the physical address of the network interface of at 
least one target central unit, and wherein said peripheral thread receives from at 
least one logon process the physical address of at least one network interface of at 
least one central unit executing at least one central process providing at least one 
temporarily open connection endpoint. 

53. (new) Network system according to claim 16 wherein at least one logon process selects at least one central process Z1 providing at least one temporarily open connection endpoint and transmits the physical address of the network interface of the central unit executing Z1 to at least one peripheral thread during connection build-up.

54. (new) Network system according to claim 16 wherein at least one central process selects at least one central process Z1 providing at least one temporarily open connection endpoint and transmits via at least one logon process the physical address of the network interface of the central unit executing Z1 to at least one peripheral thread during connection build-up.
55. (new) Network system according to one of the claims 9 to 16 wherein at least one authorization service selects at least one central process Z1 providing at least one temporarily open connection endpoint and transmits via at least one logon process the physical address of the network interface of the central unit executing Z1 to at least one peripheral thread during connection build-up.

56. (new) Network system according to one of the claims 16 to 19 wherein at least one central process is selected randomly or pseudo-randomly.

57. (new) Network system according to one of the claims 16 to 20 wherein the physical address of at least one network interface of at least one central unit running at least one central process providing at least one temporarily open connection endpoint is transmitted in encrypted form.

58. (new) Network system according to one of the previous claims wherein at least one service builds up or accepts at least one standing logical connection to or from at least two central processes, and wherein said service provides on at least two of its connections different protocols.

59. (new) Network system according to one of the previous claims wherein at least one of the protocols of at least one service can be activated during operation.

60. (new) Network system according to one of the previous claims wherein at least one of the protocols of at least one service can be deactivated during operation.

61. (new) Network system according to one of the claims 23 or 24 wherein the activation or deactivation of at least one protocol of at least one service is controlled by at least one function of at least one protocol of said service.

62. (new) Network system according to one of the previous claims wherein at least one 
function of at least one protocol of at least one service can be activated during 
operation. 

63. (new) Network system according to one of the previous claims wherein at least one 
function of at least one protocol of at least one service can be deactivated during 
operation. 

64. (new) Network system according to one of the claims 26 or 27 wherein the activation or deactivation of at least one function of at least one protocol of at least one service is controlled by at least one function of at least one protocol of said service.

65. (new) Network system according to one of the previous claims wherein at least one 
protocol of at least one service can be loaded into the addressable memory space 
of said service during operation. 
66. (new) Network system according to one of the previous claims wherein at least one protocol of at least one service can be removed from the addressable memory space of said service during operation, such that all functions of said removed protocol can only be called again after said protocol has been loaded again into the addressable memory space of said service.

67. (new) Network system according to one of the claims 29 or 30 wherein the loading or removal of at least one protocol of at least one service is controlled by at least one function of at least one protocol of said service.

68. (new) Network system according to one of the previous claims wherein at least one function of at least one protocol of at least one service can be loaded into the addressable memory space of said service during operation.

69. (new) Network system according to one of the previous claims wherein at least one function of at least one protocol of at least one service can be removed from the addressable memory space of said service during operation, such that said removed function can only be called again after said removed function has been loaded again into the addressable memory space of said service.

70. (new) Network system according to one of the claims 32 or 33 wherein the loading or removal of at least one function of at least one protocol of at least one service is controlled by at least one function of at least one protocol of said service.

71. (new) Network system according to claim 10 wherein the choice of a central process depends on the authorization of said peripheral thread, or the number of peripheral threads connected to each eligible central process, or on the load of each eligible central process, or on the system demands of said peripheral thread, or on the quality and speed of the connection between said peripheral thread and the logon central process or each eligible central process, or on the geographical position(s) of the eligible central unit(s) or the peripheral unit executing said peripheral thread, or on the network topological location(s) of the peripheral and eligible central unit(s), or on the system topological location(s) of the peripheral thread or the eligible central process(es).

72. (new) Network system according to claim 16 wherein the choice of a central unit executing an eligible central process - called eligible unit - depends on the authorization of said peripheral thread, or the number of peripheral threads connected to each eligible central process or central unit, or on the load of each eligible central unit, or on the system demands of said peripheral thread, or on the quality and speed of the connection between each eligible central process and said peripheral thread, or on the geographical position(s) of the eligible central unit(s) or the peripheral unit executing said peripheral thread, or on the network topological location(s) of the peripheral and eligible central unit(s), or on the system topological location(s) of the peripheral thread or the eligible central unit(s) running eligible central process(es).


